
[alpine-aports] [PATCH v3.2] main/curl: security upgrade to 7.52.1 - fixes #6601

From: Sergey Lukin <sergej.lukin_at_gmail.com>
Date: Fri, 30 Dec 2016 08:50:19 +0000

CVE-2016-9594: uninitialized random
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-8625: IDNA 2003 makes curl use wrong host

https://curl.haxx.se/changes.html
---
 main/curl/APKBUILD            |  54 +++++------
 main/curl/CVE-2016-5419.patch |  85 -----------------
 main/curl/CVE-2016-5420.patch |  30 ------
 main/curl/CVE-2016-5421.patch |  35 -------
 main/curl/CVE-2016-7141.patch |  42 ---------
 main/curl/CVE-2016-7167.patch |  53 -----------
 main/curl/CVE-2016-8615.patch |  75 ---------------
 main/curl/CVE-2016-8616.patch |  66 --------------
 main/curl/CVE-2016-8617.patch |  36 --------
 main/curl/CVE-2016-8618.patch |  50 ----------
 main/curl/CVE-2016-8619.patch |  50 ----------
 main/curl/CVE-2016-8620.patch | 205 -----------------------------------------
 main/curl/CVE-2016-8621.patch | 121 ------------------------
 main/curl/CVE-2016-8622.patch | 126 -------------------------
 main/curl/CVE-2016-8623.patch | 207 ------------------------------------------
 15 files changed, 27 insertions(+), 1208 deletions(-)
 delete mode 100644 main/curl/CVE-2016-5419.patch
 delete mode 100644 main/curl/CVE-2016-5420.patch
 delete mode 100644 main/curl/CVE-2016-5421.patch
 delete mode 100644 main/curl/CVE-2016-7141.patch
 delete mode 100644 main/curl/CVE-2016-7167.patch
 delete mode 100644 main/curl/CVE-2016-8615.patch
 delete mode 100644 main/curl/CVE-2016-8616.patch
 delete mode 100644 main/curl/CVE-2016-8617.patch
 delete mode 100644 main/curl/CVE-2016-8618.patch
 delete mode 100644 main/curl/CVE-2016-8619.patch
 delete mode 100644 main/curl/CVE-2016-8620.patch
 delete mode 100644 main/curl/CVE-2016-8621.patch
 delete mode 100644 main/curl/CVE-2016-8622.patch
 delete mode 100644 main/curl/CVE-2016-8623.patch
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index c3d37de..4f8daa9 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
_at_@ -1,8 +1,8 @@
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 # Contributor: Sergey Lukin <sergej.lukin_at_gmail.com>
 pkgname=curl
-pkgver=7.49.1
-pkgrel=4
+pkgver=7.52.1
+pkgrel=0
 pkgdesc="An URL retrival utility and library"
 url="http://curl.haxx.se"
 arch="all"
_at_@ -11,35 +11,35 @@ depends="ca-certificates"
 depends_dev="zlib-dev openssl-dev libssh2-dev"
 makedepends="groff $depends_dev perl"
 subpackages="$pkgname-doc $pkgname-dev"
-source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2
-	CVE-2016-5419.patch
-	CVE-2016-5420.patch
-	CVE-2016-5421.patch
-	CVE-2016-7141.patch
-	CVE-2016-7167.patch
-	CVE-2016-8615.patch
-	CVE-2016-8616.patch
-	CVE-2016-8617.patch
-	CVE-2016-8618.patch
-	CVE-2016-8619.patch
-	CVE-2016-8620.patch
-	CVE-2016-8621.patch
-	CVE-2016-8622.patch
-	CVE-2016-8623.patch
-	CVE-2016-8624-fixed.patch
-	"
+source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2"
 
 _builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
-#   7.49.1-r1:
-#   - CVE-2016-5419
-#   - CVE-2016-5420
-#   - CVE-2016-5421
-#   7.49.1-r2:
-#   - CVE-2016-7141
-#   7.49.1-r3:
-#   - CVE-2016-7167
+#  7.52.1-r0:
+#    - CVE-2016-9594
+#    - CVE-2016-9586
+#    - CVE-2016-9952
+#    - CVE-2016-9953
+#  7.49.1-r4:
+#    - CVE-2016-8615
+#    - CVE-2016-8616
+#    - CVE-2016-8617
+#    - CVE-2016-8618
+#    - CVE-2016-8619
+#    - CVE-2016-8620
+#    - CVE-2016-8621
+#    - CVE-2016-8622
+#    - CVE-2016-8623
+#    - CVE-2016-8624
+#  7.49.1-r3:
+#    - CVE-2016-7167
+#  7.49.1-r2:
+#    - CVE-2016-7141
+#  7.49.1-r1:
+#    - CVE-2016-5419
+#    - CVE-2016-5420
+#    - CVE-2016-5421
 
 prepare() {
 	local i
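Review bot: The `7.52.1-r0` entry in the `# secfixes:` block omits CVE-2016-8625, which the commit message lists among the issues this upgrade fixes; adding `#    - CVE-2016-8625` under it keeps the fix visible to anything that reads secfixes to decide whether a release is affected. The new `source=` line still fetches the tarball over plain `http://`, and the diffstat's 27 insertions are fully accounted for by these two hunks, so no checksum line changes for the new tarball or for the removed patches. If the APKBUILD carries checksum variables (not visible here), they need regenerating, since they would be the only integrity check on that download; `source="https://curl.haxx.se/download/curl-$pkgver.tar.bz2"` would also be preferable. `CVE-2016-8624-fixed.patch` is dropped from `source` but is not among the deleted files in the diffstat, so it appears to be left orphaned in `main/curl/`. `prepare()` starts on the hunk's last lines and its body continues outside the hunk.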
diff --git a/main/curl/CVE-2016-5419.patch b/main/curl/CVE-2016-5419.patch
deleted file mode 100644
index 4eb74dd..0000000
--- a/main/curl/CVE-2016-5419.patch
+++ /dev/null
_at_@ -1,85 +0,0 @@
-From 416ad90afc50d9cbcb50ba4ab28f88d260774f6d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Fri, 1 Jul 2016 13:32:31 +0200
-Subject: [PATCH] TLS: switch off SSL session id when client cert is used
-
-CVE-2016-5419
-Bug: https://curl.haxx.se/docs/adv_20160803A.html
-Reported-by: Bru Rom
-Contributions-by: Eric Rescorla and Ray Satiro
----
- lib/url.c       |  1 +
- lib/urldata.h   |  1 +
- lib/vtls/vtls.c | 10 ++++++++++
- 3 files changed, 12 insertions(+)
-
-diff --git a/lib/url.c b/lib/url.c
-index 258a286..e547e5c 100644
---- a/lib/url.c
-+++ b/lib/url.c
-_at_@ -6121,10 +6121,11 @@ static CURLcode create_conn(struct Curl_easy *data,
-   data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
-   data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
-   data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
-   data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
-   data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST];
-+  data->set.ssl.clientcert = data->set.str[STRING_CERT];
- #ifdef USE_TLS_SRP
-   data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
-   data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
- #endif
- 
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 611c5a7..3cf7ed9 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-_at_@ -349,10 +349,11 @@ struct ssl_config_data {
-   bool verifystatus;     /* set TRUE if certificate status must be checked */
-   char *CApath;          /* certificate dir (doesn't work on windows) */
-   char *CAfile;          /* certificate to verify peer against */
-   const char *CRLfile;   /* CRL to check certificate revocation */
-   const char *issuercert;/* optional issuer certificate filename */
-+  char *clientcert;
-   char *random_file;     /* path to file containing "random" data */
-   char *egdsocket;       /* path to file containing the EGD daemon socket */
-   char *cipher_list;     /* list of ciphers to use */
-   size_t max_ssl_sessions; /* SSL session id cache size */
-   curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index d3e41cd..33e209d 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-_at_@ -154,20 +154,30 @@ Curl_clone_ssl_config(struct ssl_config_data *source,
-       return FALSE;
-   }
-   else
-     dest->random_file = NULL;
- 
-+  if(source->clientcert) {
-+    dest->clientcert = strdup(source->clientcert);
-+    if(!dest->clientcert)
-+      return FALSE;
-+    dest->sessionid = FALSE;
-+  }
-+  else
-+    dest->clientcert = NULL;
-+
-   return TRUE;
- }
- 
- void Curl_free_ssl_config(struct ssl_config_data* sslc)
- {
-   Curl_safefree(sslc->CAfile);
-   Curl_safefree(sslc->CApath);
-   Curl_safefree(sslc->cipher_list);
-   Curl_safefree(sslc->egdsocket);
-   Curl_safefree(sslc->random_file);
-+  Curl_safefree(sslc->clientcert);
- }
- 
- 
- /*
-  * Curl_rand() returns a random unsigned integer, 32bit.
--- 
-2.8.1
-
diff --git a/main/curl/CVE-2016-5420.patch b/main/curl/CVE-2016-5420.patch
deleted file mode 100644
index e91b9c7..0000000
--- a/main/curl/CVE-2016-5420.patch
+++ /dev/null
_at_@ -1,30 +0,0 @@
-From f6474ff3bfb38c28b70b5ba01048edc41f654376 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Sun, 31 Jul 2016 00:51:48 +0200
-Subject: [PATCH] TLS: only reuse connections with the same client cert
-
-CVE-2016-5420
-Bug: https://curl.haxx.se/docs/adv_20160803B.html
----
- lib/vtls/vtls.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index 33e209d..3863777 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-_at_@ -97,10 +97,11 @@ Curl_ssl_config_matches(struct ssl_config_data* data,
-   if((data->version == needle->version) &&
-      (data->verifypeer == needle->verifypeer) &&
-      (data->verifyhost == needle->verifyhost) &&
-      safe_strequal(data->CApath, needle->CApath) &&
-      safe_strequal(data->CAfile, needle->CAfile) &&
-+     safe_strequal(data->clientcert, needle->clientcert) &&
-      safe_strequal(data->random_file, needle->random_file) &&
-      safe_strequal(data->egdsocket, needle->egdsocket) &&
-      safe_strequal(data->cipher_list, needle->cipher_list))
-     return TRUE;
- 
--- 
-2.8.1
-
diff --git a/main/curl/CVE-2016-5421.patch b/main/curl/CVE-2016-5421.patch
deleted file mode 100644
index 4f59495..0000000
--- a/main/curl/CVE-2016-5421.patch
+++ /dev/null
_at_@ -1,35 +0,0 @@
-From ccb7d79b62c8b15a6be446f9c9fd3767c01eb5b6 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Sun, 31 Jul 2016 01:09:04 +0200
-Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2016-5421
-Bug: https://curl.haxx.se/docs/adv_20160803C.html
-Reported-by: Marcelo Echeverria and Fernando Muñoz
----
- lib/multi.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/multi.c b/lib/multi.c
-index 9ee3523..8bb9366 100644
---- a/lib/multi.c
-+++ b/lib/multi.c
-_at_@ -2155,10 +2155,12 @@ static void close_all_connections(struct Curl_multi *multi)
-   while(conn) {
-     SIGPIPE_VARIABLE(pipe_st);
-     conn->data = multi->closure_handle;
- 
-     sigpipe_ignore(conn->data, &pipe_st);
-+    conn->data->easy_conn = NULL; /* clear the easy handle's connection
-+                                     pointer */
-     /* This will remove the connection from the cache */
-     (void)Curl_disconnect(conn, FALSE);
-     sigpipe_restore(&pipe_st);
- 
-     conn = Curl_conncache_find_first_connection(&multi->conn_cache);
--- 
-2.8.1
-
diff --git a/main/curl/CVE-2016-7141.patch b/main/curl/CVE-2016-7141.patch
deleted file mode 100644
index dab2cc4..0000000
--- a/main/curl/CVE-2016-7141.patch
+++ /dev/null
_at_@ -1,42 +0,0 @@
-From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka_at_redhat.com>
-Date: Mon, 22 Aug 2016 10:24:35 +0200
-Subject: [PATCH] nss: refuse previously loaded certificate from file
-
-... when we are not asked to use a certificate from file
----
- lib/vtls/nss.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
-index 20c4277..cfb2263 100644
---- a/lib/vtls/nss.c
-+++ b/lib/vtls/nss.c
-_at_@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-   struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
-   struct Curl_easy *data = connssl->data;
-   const char *nickname = connssl->client_nickname;
-+  static const char pem_slotname[] = "PEM Token #1";
- 
-   if(connssl->obj_clicert) {
-     /* use the cert/key provided by PEM reader */
--    static const char pem_slotname[] = "PEM Token #1";
-     SECItem cert_der = { 0, NULL, 0 };
-     void *proto_win = SSL_RevealPinArg(sock);
-     struct CERTCertificateStr *cert;
-_at_@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-   if(NULL == nickname)
-     nickname = "[unknown]";
- 
-+  if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
-+    failf(data, "NSS: refusing previously loaded certificate from file: %s",
-+          nickname);
-+    return SECFailure;
-+  }
-+
-   if(NULL == *pRetKey) {
-     failf(data, "NSS: private key not found for certificate: %s", nickname);
-     return SECFailure;
--- 
-2.7.4
-
diff --git a/main/curl/CVE-2016-7167.patch b/main/curl/CVE-2016-7167.patch
deleted file mode 100644
index 3e6e454..0000000
--- a/main/curl/CVE-2016-7167.patch
+++ /dev/null
_at_@ -1,53 +0,0 @@
-diff --git a/lib/escape.c b/lib/escape.c
-index 2c6a7f6..5ae4b18 100644
---- a/lib/escape.c
-+++ b/lib/escape.c
-_at_@ -77,15 +77,21 @@ char *curl_unescape(const char *string, int length)
- 
- char *curl_easy_escape(CURL *handle, const char *string, int inlength)
- {
--  size_t alloc = (inlength?(size_t)inlength:strlen(string))+1;
-+  size_t alloc;
-   char *ns;
-   char *testing_ptr = NULL;
-   unsigned char in; /* we need to treat the characters unsigned */
--  size_t newlen = alloc;
-+  size_t newlen;
-   size_t strindex=0;
-   size_t length;
-   CURLcode result;
- 
-+  if(inlength < 0)
-+    return NULL;
-+
-+  alloc = (inlength?(size_t)inlength:strlen(string))+1;
-+  newlen = alloc;
-+
-   ns = malloc(alloc);
-   if(!ns)
-     return NULL;
-_at_@ -210,14 +216,16 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
-                          int *olen)
- {
-   char *str = NULL;
--  size_t inputlen = length;
--  size_t outputlen;
--  CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
--                                FALSE);
--  if(res)
--    return NULL;
--  if(olen)
--    *olen = curlx_uztosi(outputlen);
-+  if(length >= 0) {
-+    size_t inputlen = length;
-+    size_t outputlen;
-+    CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
-+                                  FALSE);
-+    if(res)
-+      return NULL;
-+    if(olen)
-+      *olen = curlx_uztosi(outputlen);
-+  }
-   return str;
- }
- 
diff --git a/main/curl/CVE-2016-8615.patch b/main/curl/CVE-2016-8615.patch
deleted file mode 100644
index d1fda35..0000000
--- a/main/curl/CVE-2016-8615.patch
+++ /dev/null
_at_@ -1,75 +0,0 @@
-From 1620f552a277ed5b23a48b9c27dbf07663cac068 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Tue, 27 Sep 2016 17:36:19 +0200
-Subject: [PATCH] cookie: replace use of fgets() with custom version
-
-... that will ignore lines that are too long to fit in the buffer.
-
-CVE-2016-8615
-
-Bug: https://curl.haxx.se/docs/adv_20161102A.html
-Reported-by: Cure53
----
- lib/cookie.c | 31 ++++++++++++++++++++++++++++++-
- 1 file changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 0f05da2..e5097d3 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-_at_@ -901,10 +901,39 @@ Curl_cookie_add(struct Curl_easy *data,
-   }
- 
-   return co;
- }
- 
-+/*
-+ * get_line() makes sure to only return complete whole lines that fit in 'len'
-+ * bytes and end with a newline.
-+ */
-+static char *get_line(char *buf, int len, FILE *input)
-+{
-+  bool partial = FALSE;
-+  while(1) {
-+    char *b = fgets(buf, len, input);
-+    if(b) {
-+      size_t rlen = strlen(b);
-+      if(rlen && (b[rlen-1] == '\n')) {
-+        if(partial) {
-+          partial = FALSE;
-+          continue;
-+        }
-+        return b;
-+      }
-+      else
-+        /* read a partial, discard the next piece that ends with newline */
-+        partial = TRUE;
-+    }
-+    else
-+      break;
-+  }
-+  return NULL;
-+}
-+
-+
- /*****************************************************************************
-  *
-  * Curl_cookie_init()
-  *
-  * Inits a cookie struct to read data from a local file. This is always
-_at_@ -957,11 +986,11 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
-     bool headerline;
- 
-     line = malloc(MAX_COOKIE_LINE);
-     if(!line)
-       goto fail;
--    while(fgets(line, MAX_COOKIE_LINE, fp)) {
-+    while(get_line(line, MAX_COOKIE_LINE, fp)) {
-       if(checkprefix("Set-Cookie:", line)) {
-         /* This is a cookie line, get it! */
-         lineptr=&line[11];
-         headerline=TRUE;
-       }
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8616.patch b/main/curl/CVE-2016-8616.patch
deleted file mode 100644
index 67309bf..0000000
--- a/main/curl/CVE-2016-8616.patch
+++ /dev/null
_at_@ -1,66 +0,0 @@
-From cef510beb222ab5750afcac2c74fcbcdc31ada64 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Tue, 27 Sep 2016 18:01:53 +0200
-Subject: [PATCH] connectionexists: use case sensitive user/password
- comparisons
-
-CVE-2016-8616
-
-Bug: https://curl.haxx.se/docs/adv_20161102B.html
-Reported-by: Cure53
----
- lib/url.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/url.c b/lib/url.c
-index 91b2bf8..cd3335c 100644
---- a/lib/url.c
-+++ b/lib/url.c
-_at_@ -3401,12 +3401,12 @@ ConnectionExists(struct Curl_easy *data,
-       }
- 
-       if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
-         /* This protocol requires credentials per connection,
-            so verify that we're using the same name and password as well */
--        if(!strequal(needle->user, check->user) ||
--           !strequal(needle->passwd, check->passwd)) {
-+        if(strcmp(needle->user, check->user) ||
-+           strcmp(needle->passwd, check->passwd)) {
-           /* one of them was different */
-           continue;
-         }
-       }
- 
-_at_@ -3462,12 +3462,12 @@ ConnectionExists(struct Curl_easy *data,
-            already authenticating with the right credentials. If not, keep
-            looking so that we can reuse NTLM connections if
-            possible. (Especially we must not reuse the same connection if
-            partway through a handshake!) */
-         if(wantNTLMhttp) {
--          if(!strequal(needle->user, check->user) ||
--             !strequal(needle->passwd, check->passwd))
-+          if(strcmp(needle->user, check->user) ||
-+             strcmp(needle->passwd, check->passwd))
-             continue;
-         }
-         else if(check->ntlm.state != NTLMSTATE_NONE) {
-           /* Connection is using NTLM auth but we don't want NTLM */
-           continue;
-_at_@ -3477,12 +3477,12 @@ ConnectionExists(struct Curl_easy *data,
-         if(wantProxyNTLMhttp) {
-           /* Both check->proxyuser and check->proxypasswd can be NULL */
-           if(!check->proxyuser || !check->proxypasswd)
-             continue;
- 
--          if(!strequal(needle->proxyuser, check->proxyuser) ||
--             !strequal(needle->proxypasswd, check->proxypasswd))
-+          if(strcmp(needle->proxyuser, check->proxyuser) ||
-+             strcmp(needle->proxypasswd, check->proxypasswd))
-             continue;
-         }
-         else if(check->proxyntlm.state != NTLMSTATE_NONE) {
-           /* Proxy connection is using NTLM auth but we don't want NTLM */
-           continue;
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8617.patch b/main/curl/CVE-2016-8617.patch
deleted file mode 100644
index 66c7f9a..0000000
--- a/main/curl/CVE-2016-8617.patch
+++ /dev/null
_at_@ -1,36 +0,0 @@
-From 3599341dd611303ee9544839d30f603f606d1082 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Wed, 28 Sep 2016 00:05:12 +0200
-Subject: [PATCH] base64: check for integer overflow on large input
-
-CVE-2016-8617
-
-Bug: https://curl.haxx.se/docs/adv_20161102C.html
-Reported-by: Cure53
----
- lib/base64.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/lib/base64.c b/lib/base64.c
-index ad25459..204a227 100644
---- a/lib/base64.c
-+++ b/lib/base64.c
-_at_@ -188,10 +188,15 @@ static CURLcode base64_encode(const char *table64,
-   *outlen = 0;
- 
-   if(!insize)
-     insize = strlen(indata);
- 
-+#if SIZEOF_SIZE_T == 4
-+  if(insize > UINT_MAX/4)
-+    return CURLE_OUT_OF_MEMORY;
-+#endif
-+
-   base64data = output = malloc(insize * 4 / 3 + 4);
-   if(!output)
-     return CURLE_OUT_OF_MEMORY;
- 
-   /*
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8618.patch b/main/curl/CVE-2016-8618.patch
deleted file mode 100644
index 6d4eaaf..0000000
--- a/main/curl/CVE-2016-8618.patch
+++ /dev/null
_at_@ -1,50 +0,0 @@
-From 31106a073882656a2a5ab56c4ce2847e9a334c3c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Wed, 28 Sep 2016 10:15:34 +0200
-Subject: [PATCH] aprintf: detect wrap-around when growing allocation
-
-On 32bit systems we could otherwise wrap around after 2GB and allocate 0
-bytes and crash.
-
-CVE-2016-8618
-
-Bug: https://curl.haxx.se/docs/adv_20161102D.html
-Reported-by: Cure53
----
- lib/mprintf.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/lib/mprintf.c b/lib/mprintf.c
-index dbedeaa..2c88aa8 100644
---- a/lib/mprintf.c
-+++ b/lib/mprintf.c
-_at_@ -1034,20 +1034,23 @@ static int alloc_addbyter(int output, FILE *data)
-     }
-     infop->alloc = 32;
-     infop->len =0;
-   }
-   else if(infop->len+1 >= infop->alloc) {
--    char *newptr;
-+    char *newptr = NULL;
-+    size_t newsize = infop->alloc*2;
- 
--    newptr = realloc(infop->buffer, infop->alloc*2);
-+    /* detect wrap-around or other overflow problems */
-+    if(newsize > infop->alloc)
-+      newptr = realloc(infop->buffer, newsize);
- 
-     if(!newptr) {
-       infop->fail = 1;
-       return -1; /* fail */
-     }
-     infop->buffer = newptr;
--    infop->alloc *= 2;
-+    infop->alloc = newsize;
-   }
- 
-   infop->buffer[ infop->len ] = outc;
- 
-   infop->len++;
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8619.patch b/main/curl/CVE-2016-8619.patch
deleted file mode 100644
index 8470b35..0000000
--- a/main/curl/CVE-2016-8619.patch
+++ /dev/null
_at_@ -1,50 +0,0 @@
-From 91239f7040b1f026d4d15765e7e3f58e92e93761 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Wed, 28 Sep 2016 12:56:02 +0200
-Subject: [PATCH] krb5: avoid realloc(0)
-
-If the requested size is zero, bail out with error instead of doing a
-realloc() that would cause a double-free: realloc(0) acts as a free()
-and then there's a second free in the cleanup path.
-
-CVE-2016-8619
-
-Bug: https://curl.haxx.se/docs/adv_20161102E.html
-Reported-by: Cure53
----
- lib/security.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/lib/security.c b/lib/security.c
-index a268d4a..4cef8f8 100644
---- a/lib/security.c
-+++ b/lib/security.c
-_at_@ -190,19 +190,22 @@ socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
- static CURLcode read_data(struct connectdata *conn,
-                           curl_socket_t fd,
-                           struct krb5buffer *buf)
- {
-   int len;
--  void* tmp;
-+  void *tmp = NULL;
-   CURLcode result;
- 
-   result = socket_read(fd, &len, sizeof(len));
-   if(result)
-     return result;
- 
--  len = ntohl(len);
--  tmp = realloc(buf->data, len);
-+  if(len) {
-+    /* only realloc if there was a length */
-+    len = ntohl(len);
-+    tmp = realloc(buf->data, len);
-+  }
-   if(tmp == NULL)
-     return CURLE_OUT_OF_MEMORY;
- 
-   buf->data = tmp;
-   result = socket_read(fd, buf->data, len);
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8620.patch b/main/curl/CVE-2016-8620.patch
deleted file mode 100644
index c8c2cd1..0000000
--- a/main/curl/CVE-2016-8620.patch
+++ /dev/null
_at_@ -1,205 +0,0 @@
-From 52f3e1d1092c81a4f574c9fc6cb3818b88434c8d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Mon, 3 Oct 2016 17:27:16 +0200
-Subject: [PATCH 1/3] range: prevent negative end number in a glob range
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2016-8620
-
-Bug: https://curl.haxx.se/docs/adv_20161102F.html
-Reported-by: Luật Nguyễn
----
- src/tool_urlglob.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
-index a357b8b..64c75ba 100644
---- a/src/tool_urlglob.c
-+++ b/src/tool_urlglob.c
-_at_@ -255,10 +255,16 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
-     else {
-       if(*endp != '-')
-         endp = NULL;
-       else {
-         pattern = endp+1;
-+        while(*pattern && ISBLANK(*pattern))
-+          pattern++;
-+        if(!ISDIGIT(*pattern)) {
-+          endp = NULL;
-+          goto fail;
-+        }
-         errno = 0;
-         max_n = strtoul(pattern, &endp, 10);
-         if(errno || (*endp == ':')) {
-           pattern = endp+1;
-           errno = 0;
-_at_@ -275,10 +281,11 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
-         else
-           endp = NULL;
-       }
-     }
- 
-+    fail:
-     *posp += (pattern - *patternp);
- 
-     if(!endp || (min_n > max_n) || (step_n > (max_n - min_n)) || !step_n)
-       /* the pattern is not well-formed */
-       return GLOBERROR("bad range", *posp, CURLE_URL_MALFORMAT);
--- 
-2.9.3
-
-
-From e97ebe97c2b53d3617c1f4082a2aaa4f1b593ef9 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Mon, 3 Oct 2016 18:23:22 +0200
-Subject: [PATCH 2/3] glob_next_url: make sure to stay within the given output
- buffer
-
----
- src/tool_urlglob.c | 17 +++++++++++------
- 1 file changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
-index 64c75ba..c45a78b 100644
---- a/src/tool_urlglob.c
-+++ b/src/tool_urlglob.c
-_at_@ -429,10 +429,11 @@ CURLcode glob_url(URLGlob** glob, char* url, unsigned long *urlnum,
-   *glob = NULL;
- 
-   glob_buffer = malloc(strlen(url) + 1);
-   if(!glob_buffer)
-     return CURLE_OUT_OF_MEMORY;
-+  glob_buffer[0]=0;
- 
-   glob_expand = calloc(1, sizeof(URLGlob));
-   if(!glob_expand) {
-     Curl_safefree(glob_buffer);
-     return CURLE_OUT_OF_MEMORY;
-_at_@ -546,33 +547,37 @@ CURLcode glob_next_url(char **globbed, URLGlob *glob)
-   for(i = 0; i < glob->size; ++i) {
-     pat = &glob->pattern[i];
-     switch(pat->type) {
-     case UPTSet:
-       if(pat->content.Set.elements) {
--        len = strlen(pat->content.Set.elements[pat->content.Set.ptr_s]);
-         snprintf(buf, buflen, "%s",
-                  pat->content.Set.elements[pat->content.Set.ptr_s]);
-+        len = strlen(buf);
-         buf += len;
-         buflen -= len;
-       }
-       break;
-     case UPTCharRange:
--      *buf++ = pat->content.CharRange.ptr_c;
-+      if(buflen) {
-+        *buf++ = pat->content.CharRange.ptr_c;
-+        *buf = '\0';
-+        buflen--;
-+      }
-       break;
-     case UPTNumRange:
--      len = snprintf(buf, buflen, "%0*ld",
--                     pat->content.NumRange.padlength,
--                     pat->content.NumRange.ptr_n);
-+      snprintf(buf, buflen, "%0*ld",
-+               pat->content.NumRange.padlength,
-+               pat->content.NumRange.ptr_n);
-+      len = strlen(buf);
-       buf += len;
-       buflen -= len;
-       break;
-     default:
-       printf("internal error: invalid pattern type (%d)\n", (int)pat->type);
-       return CURLE_FAILED_INIT;
-     }
-   }
--  *buf = '\0';
- 
-   *globbed = strdup(glob->glob_buffer);
-   if(!*globbed)
-     return CURLE_OUT_OF_MEMORY;
- 
--- 
-2.9.3
-
-
-From 9ce377051290c83176f235b526b87904cad6b388 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Tue, 4 Oct 2016 17:25:09 +0200
-Subject: [PATCH 3/3] range: reject char globs with missing end like '[L-]'
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... which previously would lead to out of boundary reads.
-
-Reported-by: Luật Nguyễn
----
- src/tool_urlglob.c | 34 +++++++++++++++++++---------------
- 1 file changed, 19 insertions(+), 15 deletions(-)
-
-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
-index c45a78b..09d21b6 100644
---- a/src/tool_urlglob.c
-+++ b/src/tool_urlglob.c
-_at_@ -186,36 +186,40 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
- 
-   if(ISALPHA(*pattern)) {
-     /* character range detected */
-     char min_c;
-     char max_c;
-+    char end_c;
-     int step=1;
- 
-     pat->type = UPTCharRange;
- 
--    rc = sscanf(pattern, "%c-%c", &min_c, &max_c);
-+    rc = sscanf(pattern, "%c-%c%c", &min_c, &max_c, &end_c);
- 
--    if((rc == 2) && (pattern[3] == ':')) {
--      char *endp;
--      unsigned long lstep;
--      errno = 0;
--      lstep = strtoul(&pattern[4], &endp, 10);
--      if(errno || (*endp != ']'))
--        step = -1;
--      else {
--        pattern = endp+1;
--        step = (int)lstep;
--        if(step > (max_c - min_c))
-+    if(rc == 3) {
-+      if(end_c == ':') {
-+        char *endp;
-+        unsigned long lstep;
-+        errno = 0;
-+        lstep = strtoul(&pattern[4], &endp, 10);
-+        if(errno || (*endp != ']'))
-           step = -1;
-+        else {
-+          pattern = endp+1;
-+          step = (int)lstep;
-+          if(step > (max_c - min_c))
-+            step = -1;
-+        }
-       }
-+      else if(end_c != ']')
-+        /* then this is wrong */
-+        rc = 0;
-     }
--    else
--      pattern += 4;
- 
-     *posp += (pattern - *patternp);
- 
--    if((rc != 2) || (min_c >= max_c) || ((max_c - min_c) > ('z' - 'a')) ||
-+    if((rc != 3) || (min_c >= max_c) || ((max_c - min_c) > ('z' - 'a')) ||
-        (step <= 0) )
-       /* the pattern is not well-formed */
-       return GLOBERROR("bad range", *posp, CURLE_URL_MALFORMAT);
- 
-     /* if there was a ":[num]" thing, use that as step or else use 1 */
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8621.patch b/main/curl/CVE-2016-8621.patch
deleted file mode 100644
index 6855ce9..0000000
--- a/main/curl/CVE-2016-8621.patch
+++ /dev/null
_at_@ -1,121 +0,0 @@
-From 8a6d9ded5f02f0294ae63a007e26087316c1998e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Tue, 4 Oct 2016 16:59:38 +0200
-Subject: [PATCH] parsedate: handle cut off numbers better
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... and don't read outside of the given buffer!
-
-CVE-2016-8621
-
-bug: https://curl.haxx.se/docs/adv_20161102G.html
-Reported-by: Luật Nguyễn
----
- lib/parsedate.c        | 12 +++++++-----
- tests/data/test517     |  6 ++++++
- tests/libtest/lib517.c |  8 +++++++-
- 3 files changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/lib/parsedate.c b/lib/parsedate.c
-index dfcf855..8e932f4 100644
---- a/lib/parsedate.c
-+++ b/lib/parsedate.c
-_at_@ -3,11 +3,11 @@
-  *  Project                     ___| | | |  _ \| |
-  *                             / __| | | | |_) | |
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
-- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-  * are also available at https://curl.haxx.se/docs/copyright.html.
-  *
-_at_@ -384,19 +384,21 @@ static int parsedate(const char *date, time_t *output)
-     }
-     else if(ISDIGIT(*date)) {
-       /* a digit */
-       int val;
-       char *end;
-+      int len=0;
-       if((secnum == -1) &&
--         (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
-+         (3 == sscanf(date, "%02d:%02d:%02d%n",
-+                      &hournum, &minnum, &secnum, &len))) {
-         /* time stamp! */
--        date += 8;
-+        date += len;
-       }
-       else if((secnum == -1) &&
--              (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
-+              (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
-         /* time stamp without seconds */
--        date += 5;
-+        date += len;
-         secnum = 0;
-       }
-       else {
-         long lval;
-         int error;
-diff --git a/tests/data/test517 b/tests/data/test517
-index c81a45e..513634f 100644
---- a/tests/data/test517
-+++ b/tests/data/test517
-_at_@ -114,10 +114,16 @@ nothing
- 79: 20110632 12:34:56 => -1
- 80: 20110623 56:34:56 => -1
- 81: 20111323 12:34:56 => -1
- 82: 20110623 12:34:79 => -1
- 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
-+84: 20110623 12:3 => 1308830580
-+85: 20110623 1:3 => 1308790980
-+86: 20110623 1:30 => 1308792600
-+87: 20110623 12:12:3 => 1308831123
-+88: 20110623 01:12:3 => 1308791523
-+89: 20110623 01:99:30 => -1
- </stdout>
- 
- # This test case previously tested an overflow case ("2094 Nov 6 =>
- # 2147483647") for 32bit time_t, but since some systems have 64bit time_t and
- # handles this (returning 3939840000), and some 64bit-time_t systems don't
-diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
-index 2f68ebd..22162ff 100644
---- a/tests/libtest/lib517.c
-+++ b/tests/libtest/lib517.c
-_at_@ -3,11 +3,11 @@
-  *  Project                     ___| | | |  _ \| |
-  *                             / __| | | | |_) | |
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
-- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-  * are also available at https://curl.haxx.se/docs/copyright.html.
-  *
-_at_@ -114,10 +114,16 @@ static const char * const dates[]={
-   "20110632 12:34:56",
-   "20110623 56:34:56",
-   "20111323 12:34:56",
-   "20110623 12:34:79",
-   "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
-+  "20110623 12:3",
-+  "20110623 1:3",
-+  "20110623 1:30",
-+  "20110623 12:12:3",
-+  "20110623 01:12:3",
-+  "20110623 01:99:30",
-   NULL
- };
- 
- int test(char *URL)
- {
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8622.patch b/main/curl/CVE-2016-8622.patch
deleted file mode 100644
index e6dba69..0000000
--- a/main/curl/CVE-2016-8622.patch
+++ /dev/null
_at_@ -1,126 +0,0 @@
-From 71da91453899ba20b28ee9712620e323145a0ee5 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Tue, 4 Oct 2016 18:56:45 +0200
-Subject: [PATCH] unescape: avoid integer overflow
-
-CVE-2016-8622
-
-Bug: https://curl.haxx.se/docs/adv_20161102H.html
-Reported-by: Cure53
----
- docs/libcurl/curl_easy_unescape.3 |  7 +++++--
- lib/dict.c                        | 10 +++++-----
- lib/escape.c                      | 10 ++++++++--
- 3 files changed, 18 insertions(+), 9 deletions(-)
-
-diff --git a/docs/libcurl/curl_easy_unescape.3 b/docs/libcurl/curl_easy_unescape.3
-index 06fd6fc..50ce97d 100644
---- a/docs/libcurl/curl_easy_unescape.3
-+++ b/docs/libcurl/curl_easy_unescape.3
-_at_@ -3,11 +3,11 @@
- .\" *  Project                     ___| | | |  _ \| |
- .\" *                             / __| | | | |_) | |
- .\" *                            | (__| |_| |  _ <| |___
- .\" *                             \___|\___/|_| \_\_____|
- .\" *
--.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel_at_haxx.se>, et al.
- .\" *
- .\" * This software is licensed as described in the file COPYING, which
- .\" * you should have received as part of this distribution. The terms
- .\" * are also available at https://curl.haxx.se/docs/copyright.html.
- .\" *
-_at_@ -38,11 +38,14 @@ their binary versions.
- If the \fBlength\fP argument is set to 0 (zero), \fIcurl_easy_unescape(3)\fP
- will use strlen() on the input \fIurl\fP string to find out the size.
- 
- If \fBoutlength\fP is non-NULL, the function will write the length of the
- returned string in the integer it points to. This allows an escaped string
--containing %00 to still get used properly after unescaping.
-+containing %00 to still get used properly after unescaping. Since this is a
-+pointer to an \fIint\fP type, it can only return a value up to INT_MAX so no
-+longer string can be unescaped if the string length is returned in this
-+parameter.
- 
- You must \fIcurl_free(3)\fP the returned string when you're done with it.
- .SH AVAILABILITY
- Added in 7.15.4 and replaces the old \fIcurl_unescape(3)\fP function.
- .SH RETURN VALUE
-diff --git a/lib/dict.c b/lib/dict.c
-index a7b5965..48a4e0a 100644
---- a/lib/dict.c
-+++ b/lib/dict.c
-_at_@ -3,11 +3,11 @@
-  *  Project                     ___| | | |  _ \| |
-  *                             / __| | | | |_) | |
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
-- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-  * are also available at https://curl.haxx.se/docs/copyright.html.
-  *
-_at_@ -50,11 +50,11 @@
- 
- #include "urldata.h"
- #include <curl/curl.h>
- #include "transfer.h"
- #include "sendf.h"
--
-+#include "escape.h"
- #include "progress.h"
- #include "strequal.h"
- #include "dict.h"
- #include "rawstr.h"
- #include "curl_memory.h"
-_at_@ -94,16 +94,16 @@ const struct Curl_handler Curl_handler_dict = {
- static char *unescape_word(struct Curl_easy *data, const char *inputbuff)
- {
-   char *newp;
-   char *dictp;
-   char *ptr;
--  int len;
-+  size_t len;
-   char ch;
-   int olen=0;
- 
--  newp = curl_easy_unescape(data, inputbuff, 0, &len);
--  if(!newp)
-+  CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE);
-+  if(!newp || result)
-     return NULL;
- 
-   dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
-   if(dictp) {
-     /* According to RFC2229 section 2.2, these letters need to be escaped with
-diff --git a/lib/escape.c b/lib/escape.c
-index e61260d..6657007 100644
---- a/lib/escape.c
-+++ b/lib/escape.c
-_at_@ -222,12 +222,18 @@ char *curl_easy_unescape(struct Curl_easy *data, const char *string,
-     size_t outputlen;
-     CURLcode res = Curl_urldecode(data, string, inputlen, &str, &outputlen,
-                                   FALSE);
-     if(res)
-       return NULL;
--    if(olen)
--      *olen = curlx_uztosi(outputlen);
-+
-+    if(olen) {
-+      if(outputlen <= (size_t) INT_MAX)
-+        *olen = curlx_uztosi(outputlen);
-+      else
-+        /* too large to return in an int, fail! */
-+        Curl_safefree(str);
-+    }
-   }
-   return str;
- }
- 
- /* For operating systems/environments that use different malloc/free
--- 
-2.9.3
-
diff --git a/main/curl/CVE-2016-8623.patch b/main/curl/CVE-2016-8623.patch
deleted file mode 100644
index 4eb8678..0000000
--- a/main/curl/CVE-2016-8623.patch
+++ /dev/null
_at_@ -1,207 +0,0 @@
-From d9d57fe0da6f25d05570fd583520ecd321ed9c3f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel_at_haxx.se>
-Date: Tue, 4 Oct 2016 23:26:13 +0200
-Subject: [PATCH] cookies: getlist() now holds deep copies of all cookies
-
-Previously it only held references to them, which was reckless as the
-thread lock was released so the cookies could get modified by other
-handles that share the same cookie jar over the share interface.
-
-CVE-2016-8623
-
-Bug: https://curl.haxx.se/docs/adv_20161102I.html
-Reported-by: Cure53
----
- lib/cookie.c | 61 +++++++++++++++++++++++++++++++++++++++---------------------
- lib/cookie.h |  4 ++--
- lib/http.c   |  2 +-
- 3 files changed, 43 insertions(+), 24 deletions(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 0f05da2..8607ce3 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-_at_@ -1022,10 +1022,44 @@ static int cookie_sort(const void *p1, const void *p2)
- 
-   /* sorry, can't be more deterministic */
-   return 0;
- }
- 
-+#define CLONE(field)                     \
-+  do {                                   \
-+    if(src->field) {                     \
-+      dup->field = strdup(src->field);   \
-+      if(!dup->field)                    \
-+        goto fail;                       \
-+    }                                    \
-+  } while(0)
-+
-+static struct Cookie *dup_cookie(struct Cookie *src)
-+{
-+  struct Cookie *dup = calloc(sizeof(struct Cookie), 1);
-+  if(dup) {
-+    CLONE(expirestr);
-+    CLONE(domain);
-+    CLONE(path);
-+    CLONE(spath);
-+    CLONE(name);
-+    CLONE(value);
-+    CLONE(maxage);
-+    CLONE(version);
-+    dup->expires = src->expires;
-+    dup->tailmatch = src->tailmatch;
-+    dup->secure = src->secure;
-+    dup->livecookie = src->livecookie;
-+    dup->httponly = src->httponly;
-+  }
-+  return dup;
-+
-+  fail:
-+  freecookie(dup);
-+  return NULL;
-+}
-+
- /*****************************************************************************
-  *
-  * Curl_cookie_getlist()
-  *
-  * For a given host and path, return a linked list of cookies that the
-_at_@ -1077,15 +1111,12 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
-         if(!co->spath || pathmatch(co->spath, path) ) {
- 
-           /* and now, we know this is a match and we should create an
-              entry for the return-linked-list */
- 
--          newco = malloc(sizeof(struct Cookie));
-+          newco = dup_cookie(co);
-           if(newco) {
--            /* first, copy the whole source cookie: */
--            memcpy(newco, co, sizeof(struct Cookie));
--
-             /* then modify our next */
-             newco->next = mainco;
- 
-             /* point the main to us */
-             mainco = newco;
-_at_@ -1093,16 +1124,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
-             matches++;
-           }
-           else {
-             fail:
-             /* failure, clear up the allocated chain and return NULL */
--            while(mainco) {
--              co = mainco->next;
--              free(mainco);
--              mainco = co;
--            }
--
-+            Curl_cookie_freelist(mainco);
-             return NULL;
-           }
-         }
-       }
-     }
-_at_@ -1150,11 +1176,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
-  *
-  ****************************************************************************/
- void Curl_cookie_clearall(struct CookieInfo *cookies)
- {
-   if(cookies) {
--    Curl_cookie_freelist(cookies->cookies, TRUE);
-+    Curl_cookie_freelist(cookies->cookies);
-     cookies->cookies = NULL;
-     cookies->numcookies = 0;
-   }
- }
- 
-_at_@ -1162,25 +1188,18 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
-  *
-  * Curl_cookie_freelist()
-  *
-  * Free a list of cookies previously returned by Curl_cookie_getlist();
-  *
-- * The 'cookiestoo' argument tells this function whether to just free the
-- * list or actually also free all cookies within the list as well.
-- *
-  ****************************************************************************/
- 
--void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
-+void Curl_cookie_freelist(struct Cookie *co)
- {
-   struct Cookie *next;
-   while(co) {
-     next = co->next;
--    if(cookiestoo)
--      freecookie(co);
--    else
--      free(co); /* we only free the struct since the "members" are all just
--                   pointed out in the main cookie list! */
-+    freecookie(co);
-     co = next;
-   }
- }
- 
- 
-_at_@ -1231,11 +1250,11 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
-  ****************************************************************************/
- void Curl_cookie_cleanup(struct CookieInfo *c)
- {
-   if(c) {
-     free(c->filename);
--    Curl_cookie_freelist(c->cookies, TRUE);
-+    Curl_cookie_freelist(c->cookies);
-     free(c); /* free the base struct as well */
-   }
- }
- 
- /* get_netscape_format()
-diff --git a/lib/cookie.h b/lib/cookie.h
-index cd7c54a..a9a4578 100644
---- a/lib/cookie.h
-+++ b/lib/cookie.h
-_at_@ -5,11 +5,11 @@
-  *  Project                     ___| | | |  _ \| |
-  *                             / __| | | | |_) | |
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
-- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel_at_haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-  * are also available at https://curl.haxx.se/docs/copyright.html.
-  *
-_at_@ -80,11 +80,11 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
-                                struct CookieInfo *, bool header, char *lineptr,
-                                const char *domain, const char *path);
- 
- struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
-                                    const char *, bool);
--void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
-+void Curl_cookie_freelist(struct Cookie *cookies);
- void Curl_cookie_clearall(struct CookieInfo *cookies);
- void Curl_cookie_clearsess(struct CookieInfo *cookies);
- 
- #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
- #define Curl_cookie_list(x) NULL
-diff --git a/lib/http.c b/lib/http.c
-index 65c145a..e6e7d37 100644
---- a/lib/http.c
-+++ b/lib/http.c
-_at_@ -2382,11 +2382,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
-             break;
-           count++;
-         }
-         co = co->next; /* next cookie please */
-       }
--      Curl_cookie_freelist(store, FALSE); /* free the cookie list */
-+      Curl_cookie_freelist(store);
-     }
-     if(addcookies && !result) {
-       if(!count)
-         result = Curl_add_bufferf(req_buffer, "Cookie: ");
-       if(!result) {
--- 
-2.9.3
-
-- 
2.4.11
Received on Fri Dec 30 2016 - 08:50:19 GMT